Daily Archives: December 18, 2021

  • Tips for the week – what about the AppX vulnerability?

    (Note, we’re not ready to give the all clear for installing this is just a post clarifying a particularly confusing update. More about the December updates will be in tomorrow’s newsletter)

    Youtube video here

    This is a special post about a VERY confusing patch that came out on December 14.
    Referred to the Windows AppX installer vulnerability, it’s been used in actual targeted attacks.

    What’s confusing about this update and it’s “patch documentation” is that it’s not really a separate patch, rather it gets updated through the cumulative update. You only need to install this “patch” if you are in a business or corporation and have blocked updating your machines, then you need to manually install this update. Otherwise, it’s already patched and you don’t have to worry about it.

    Now mind you the way the update is documented, it’s not clear, but in testing I can tell that it’s already been fixed.

    Now keep in mind that many of these “in the wild” exploits come in through attachments, so always be wary of attachments to emails. Think… don’t click! I call this “patching the human”. If you patch yourself first – make sure you don’t click on attachments that you weren’t expecting – this goes a long way to keeping yourself safe.

    Edit 12-19-2021:  clearly this is even more confusing. It gets updated through the Microsoft store. Note that I recommend that you leave the Microsoft store to automatically update software for this very reason. Just like browsers, this is something that too often we forget needs updating as well. Bottom line if you’ve not disabled updates for the MS store, you will already be up to date and will not need to take any action.